Comment 53 for bug 2071734

sean mooney (sean-k-mooney) wrote : Re: Regression VMDK/qcow arbitrary file access (CVE-2024-40767)

The ISO fixes are important as I had to mitigate the possible publicly reported ISO attack vector of putting a different image header in the system area of the ISO file before I could enable ISO support.

The side effect of that is preventing having multiple formats in a single file for all file formats.

So that is a separate hardening opportunity that was not covered by either CVE and has been mitigated as part of the regression fix.

It does not change the scope of this CVE but it's still important to improve the security posture.
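
A sketch of the multiple-formats check the comment describes, as an added example that is not part of the original comment and not the project's own code: it looks for a disk-image header at offset 0 and an ISO 9660 volume descriptor after the 32 KiB system area, and rejects a file that matches more than one. The function names and the two-entry signature table are assumptions for illustration, and the sample input is constructed.

```python
import io

ISO_SYSTEM_AREA = 16 * 2048  # ISO 9660 leaves the first 16 sectors (32 KiB) unused

# Signatures at offset 0 of formats that would fit inside the ISO system area.
# Illustrative subset only; a real inspector covers every supported format.
HEADER_MAGICS = {
    "qcow2": b"QFI\xfb",
    "vmdk": b"KDMV",
}


def detect_formats(stream):
    """Return the set of every format whose signature is present in stream."""
    found = set()
    stream.seek(0)
    head = stream.read(8)
    for name, magic in HEADER_MAGICS.items():
        if head.startswith(magic):
            found.add(name)
    # Volume descriptor: one type byte, then "CD001" at offset 32769.
    stream.seek(ISO_SYSTEM_AREA + 1)
    if stream.read(5) == b"CD001":
        found.add("iso")
    return found


def safe_format(stream):
    """Return the single detected format, or raise if the file is ambiguous."""
    found = detect_formats(stream)
    if len(found) > 1:
        # An ISO whose system area also parses as another image format
        # must not be handed to any tool that would pick a format itself.
        raise ValueError("multiple formats in one file: %s" % sorted(found))
    return found.pop() if found else "raw"


def constructed_sample(head=b"", iso=False):
    """Build constructed input carrying only the signatures under test."""
    buf = bytearray(ISO_SYSTEM_AREA + 2048)
    buf[:len(head)] = head
    if iso:
        buf[ISO_SYSTEM_AREA:ISO_SYSTEM_AREA + 6] = b"\x01CD001"
    return io.BytesIO(bytes(buf))
```
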